diff --git a/submariner/IPV6-OVN.md b/submariner/IPV6-OVN.md new file mode 100644 index 00000000..54986c38 --- /dev/null +++ b/submariner/IPV6-OVN.md @@ -0,0 +1,103 @@ +# **Submariner OVN CNI Enhancement for IPv6 Support** + +## **Summary** + +This proposal outlines the changes required in Submariner for OVN Kubernetes +CNI to enable IPv6 support, ensuring seamless connectivity between clusters +using Submariner. The main proposal has the full design +[IPv6 Datapath Enhancements](https://github.com/submariner-io/enhancements/blob/devel/submariner/IPV6-datapath.md) +This covers only the OVN CNI part of it. + +--- + +## Design Details + +The OVNKubernetes handler programs network policies and routes to direct traffic from +the gateway and non-gateway nodes to direct the traffic to the remote cluster. +At present the routes are only programmed for IPv4 for addresses. We need to enhance +this to support IPV6 addresses as well. + +The handler for creating the Gateway and NonGateway routes needs to be enhanced. + +### GatewayRoute CRD + +The GatewayRoute will now create a new CR for with the IPV6 next hops and +IPV6 remote CIDRs for a dual-stack environment along with the existing IPv4 CIDR. +For Ipv6 only there will be only the IPV6 CR + +The next hop will be the interface IP of ovn-k8s-mp0 interface, which is expected +to have both IPv4 and IPV6 IPs in the case of dual-stack environments. + +```yaml +apiVersion: submariner.io/v1alpha1 +kind: GatewayRoute +metadata: + name: remote-cluster-route +spec: + nextHops: + - "fd00:abcd::1" + remoteCIDRs: + - "fd00:4321::/64" +``` + +### NonGatewayRoute CRD + +The NonGatewayRoute will follow the same pattern as GatewayRoute and will create a new CR +for IPV6. The nexthops will be the transit switch IP of the gateway node. + +#### **NonGatewayRoute CRD Example** + +```yaml +apiVersion: submariner.io/v1alpha1 +kind: NonGatewayRoute +metadata: + name: non-gw-route +spec: + nextHops: + - "fd00:cafe::1" + remoteCIDRs: + - "fd00:5678::/64" +``` + +### GatewayRoute Handler + +The GatewayRoute Handler should be aware of the IPV6 address that can be present in the CR +and program the logical router policy and the logical route accordingly. + +The below is the logical router policy to reroute the submariner traffic to ovn-k8s-mp0. + +```plaintext +match: "ip6.dst==fd00:5678::/64" +action: reroute +nexthops: ["fd00:abcd::1"] +priority: 20000 +``` +The below is the logical route to accept the traffic coming from non-gateway nodes. + +```plaintext +destination: "fd00:1234::/64" +nexthop: "fd00:cafe::1" +priority: 200 +``` + +### NonGatewayRoute Handler + +The NonGatewayRoute Handler should be aware of the IPV6 address that can be present in the CR +and program the logical router policy accordingly. + +The below is the logical router policy to reroute the submariner traffic to transit switch +connecting to the gateway node. + +```plaintext +match: "ip6.dst==fd00:5678::/64" +action: reroute +nexthops: ["fd00:abcd::1"] +priority: 20000 +``` +### TODO + +* Enhance GatewayRoute controller and NonGatewayRoute controller to support IPV6 +* Ensure that GatewayRoute Handler and NonGatewayRoute Handler are programming the +required routes, if not make the required changes. + +---